BREAKING THE LAWS OF ROBOTICS: ATTACKING INDUSTRIAL ROBOTS

Presented at TROOPERS18 (2018), March 13, 2018, 1:30 p.m. (Unknown duration)

In this talk, we will show how (by combining a set of vulnerabilities that we actually exploited on real robots) remote attackers are able to violate the fundamental laws governing robots, up to the point where they can alter the manufactured product, physically damage the robot, steal industry secrets, or injure humans. We will cover in-depth technical aspects (e.g., reverse engineering and vulnerability details, and attack PoCs), along with a broader discussion of the security posture of Industry 4.0 deployments.

Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any modern factory. These robots aren't just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, with safety systems, and with the Internet for remote monitoring and maintenance. In this scenario, industrial routers also play a key role, because they directly expose the robot's controller. Therefore, a single, simple vulnerability can grant attackers an easy entry point.

Industrial robots must follow three fundamental laws: accurately "read" from the physical world through sensors and "write" (i.e. perform actions) through actuators, refuse to execute self-damaging control logic, and most importantly, echoing Asimov, never harm humans. By combining a set of vulnerabilities we discovered on a real robot, we will demonstrate how remote attackers are able to violate such fundamental laws up to the point where they can alter the manufactured product, physically damage the robot, steal industry secrets, or injure humans.

We will cover in-depth technical aspects (e.g., reverse engineering and vulnerability details, and attack PoCs), alongside a broader discussion on the security posture of industrial routers and robots: Why are these devices attractive to attackers? What could they achieve? Are they hard to compromise? How can their security be improved?


Presenters:

  • Davide Quarta
    Davide Quarta is a PhD student at Politecnico di Milano in Italy, where he works under the supervision of Stefano Zanero and Federico Maggi in the NECST Laboratory, inside the Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). His research interests mainly comprise the security of embedded systems, with a focus on attacks and vulnerability discovery. His other research interests include malware analysis and reverse engineering. His passion for security topics led him to work on different projects as a freelance consultant. He spends his free time tumbling in the gym and playing CTF competitions with Politecnico's team, Tower of Hanoi.
